class UsersController < ApplicationController
  def index
    @users = User.find(:all)
  end
  
  def new
    @user = User.new
  end

  def edit
    @user = User.find(params[:id])
    return self.unauthorized unless self.current_user.can('edit:user', @user)
    add_page_token(@user.login)
  end

  def create
    @user = User.new(params[:user])
    return self.unauthorized unless self.current_user.can('create:user', @user)
    if @user.save
      flash[:notice] = 'User was successfully created.'
      redirect_to(users_path)
    else
      render :action => "new"
    end
  end

  def update
    @user = User.find(params[:id])
    return self.unauthorized unless self.current_user.can('update:user', @user)
    add_page_token(@user.login)

    if @user.update_attributes(params[:user])
      flash[:notice] = 'User was successfully updated.'
      redirect_to(users_path)
    else
      render :action => "edit"
    end
  end

  def destroy
    @user = User.find(params[:id])
    return self.unauthorized unless self.current_user.can('delete:user', @user)
    @user.destroy

    redirect_to users_path
  end
end
